OT: how to block emails sent to too many recipients

Sean Murray murray at tlabs.ac.za
Mon Dec 20 14:49:56 GMT 2010 

Denis Beauchemin wrote:
> Hello all,
> 
> Someone seems to have found a way to use one of our MS servers to send spam. Each spam is sent to more than 199 recipients and the envelope from is never from our domain.
> 
> I would like to block them but I am not sure how… I didn’t find anything in sendmail (except milter-limit which denies emails I have to deliver). I am now looking to SA.
> 
> Does anyone know how to get the nrcpts= value found on the from= sendmail log line?
> 
> Thanks!
> 
> Denis
> PS: the spam is sent through our webmail (Horde). I cannot stop delivering emails from those servers.
Not necessarily entirely helpful but maybe my story might in some way help you.

We got nailed similarly in our squirrelmail setup with a bunch of clowns 
having bad passwords (username=password).
squirrelmail very nicely places the logged-in username in the mail header.
So in exim we parse the header and if the user is one of those users, we block
all sending from webmail, but only sending from webmail, sending via other means is still permitted.

Maybe you could try blocking the mails from certain users sent via horde, as opposed to changing settings 
for all users ? 

use it, dont use it, up to you ..... 
yay my first post to this list hopefully uselful ;-)

Cheers
Sean



> 
> Denis Beauchemin, analyste
> Université de Sherbrooke, S.T.I.
> T: 819.821.8000x62252 F: 819.821.8045
> 
> 

 ___________________________________________________________________________________
| ____  ____  _   _  ____  __  __  ____    __   | Sean Murray                       |
|(_  _)(_  _)( )_( )( ___)(  \/  )(  _ \  /__\  | Facilitator of Research Science   |
| _)(_   )(   ) _ (  )__)  )    (  ) _ < /(__)\ | iThemba LABS                      |
|(____) (__) (_) (_)(____)(_/\/\_)(____/(__)(__)| Cape Town, South Africa           |
|(  )    /__\  (  _ \/ __)                      | Voice  : +27 21 8431056           |
| )(__  /(__)\  ) _ <\__ \                      | Fax    : +27 21 8433525           |
|(____)(__)(__)(____/(___/                      |                                   |
|_______________________________________________|___________________________________|

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 2997 bytes
Desc: S/MIME Cryptographic Signature
Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20101220/fa556751/smime.bin

More information about the MailScanner mailing list